DC - Create Wireless Group Policy
CA - Create the Server Cert for NPS server
NPS - Export NPS Server Cert and CA Cert
7. In CA, Create a RAS Certificate for Network Policy Service
Click Start and select Run
Type mmc and click OK
Go to Fileà Add/Remove Snap-ins
Add Certificate Template and Certificate Authority
Type mmc and click OK
Go to Fileà Add/Remove Snap-ins
Add Certificate Template and Certificate Authority
Create a server certificate for the NPS server
Select Certificate Template
Right-click on the RAS and IAS Server and select Duplicate Template
Select "Windows Server 2008 Enterprise"
In the General tab, enter a name for this template and change Validity period if you want
In the Request Handling, check "Allow private key to be exported"
This setting is very important
This certificate needs to be exported with private key later to install to Aruba.
In the Security tab, allow "Autoenroll" for RAS and IAS Servers
Selecct Certificate Template of CA
Right-click on the template created in previous steps
Select "Certificate Template to Issue"
Select Certificate Template
Right-click on the RAS and IAS Server and select Duplicate Template
Select "Windows Server 2008 Enterprise"
In the General tab, enter a name for this template and change Validity period if you want
In the Request Handling, check "Allow private key to be exported"
This setting is very important
This certificate needs to be exported with private key later to install to Aruba.
Right-click on the template created in previous steps
Select "Certificate Template to Issue"
Create a new Group Policy called Wireles Network (IEEE 802.11x) and edit it
Computer Configuration --> Windows Settings --> Security Settings --> right-click on the Wireless Network Policy and select "Create A New Wireless Network Policy for XP
My configuration is for XP.
Computer Configuration --> Windows Settings --> Security Settings --> right-click on the Wireless Network Policy and select "Create A New Wireless Network Policy for XP
My configuration is for XP.
Right-click on New XP Wireless Network Policy and select Properties
Select the Preferred Networks tab
Click Add... and select your wireless networks SSID
Select the network you just added and cick Edit...
Confirm WPA2 and AES is selected for Authentication and Encryption respectively
Select "Microsoft: Protected EAP (PEAP) and click Settings...
Check your Certificate Authorities. This should be in a format like%Mydomain%-%CAServerName%-CA where Mydomain is your domain name and CAServerName is the server name that holds the Certifiate Authority role
9. In NPS, export NPS Cert and CA cert so that they can be installed to Aruba
Start à Run à mmc à File menu à Add/remove Snap-ins
Add Certificates (Computer account, Local computer)
Add Certificates (Computer account, Local computer)
Locate and right-click NPS_ServerCert
Select All Tasks à Export
Make sure "Yes, export the private key" is selected
You need the password when you install the cert to Aruba
You need it when you install the cert to Aruba
Now export CA Cert
Select Trusted Root Certification Authority and Certificates
Select the CA cert
Select "DER encoded binary X.509 (.CER)
Put a name and select the location to export
Once these two certs are imported to Aruba, the configuration completes.
You may need to run the gpupdate command on a test machine before testing.
Select Trusted Root Certification Authority and Certificates
Select the CA cert
Select "DER encoded binary X.509 (.CER)
Put a name and select the location to export
Once these two certs are imported to Aruba, the configuration completes.
You may need to run the gpupdate command on a test machine before testing.
No comments:
Post a Comment